GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
147 advisories
Filter by severity
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Low
CVE-2024-51755
was published
for
twig/twig
(Composer)
Nov 6, 2024
Twig has unguarded calls to `__toString()` when nesting an object into an array
Low
CVE-2024-51754
was published
for
twig/twig
(Composer)
Nov 6, 2024
Apache Helix Front (UI) component contained a hard-coded secret
High
CVE-2024-22281
was published
for
org.apache.helix:helix
(Maven)
Aug 21, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
IPv6 enabled on IPv4-only network interfaces
Moderate
CVE-2024-32473
was published
for
github.com/docker/docker
(Go)
Apr 18, 2024
DIRAC: Unauthorized users can read proxy contents during generation
High
CVE-2024-29905
was published
for
DIRAC
(pip)
Apr 9, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
containerd environment variable leak
Moderate
CVE-2021-21334
was published
for
github.com/containerd/containerd
(Go)
Jan 31, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds
High
CVE-2024-21626
was published
for
github.com/opencontainers/runc
(Go)
Jan 31, 2024
Duplicate Advisory: httparty has multipart/form-data request tampering vulnerability
Moderate
GHSA-g47j-3m2m-74qv
was published
for
httparty
(RubyGems)
Jan 4, 2024
•
withdrawn
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere
Moderate
CVE-2023-48291
was published
for
apache-airflow
(pip)
Dec 21, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate
CVE-2023-5545
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5542
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
Moderate
CVE-2023-37911
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Oct 25, 2023
MantisBT may disclose project names to unauthorized users
Moderate
CVE-2023-44394
was published
for
mantisbt/mantisbt
(Composer)
Oct 17, 2023
Apache Airflow vulnerable to privilege escalation
Moderate
CVE-2023-42792
was published
for
apache-airflow
(pip)
Oct 14, 2023
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
High
CVE-2023-28433
was published
for
github.com/minio/minio
(Go)
Sep 6, 2023
Secret displayed without masking by Chef Identity Plugin
Low
CVE-2023-39155
was published
for
org.jenkins-ci.plugins:chef-identity
(Maven)
Jul 26, 2023
Apache InLong: General user can delete and update process
Moderate
CVE-2023-34189
was published
for
org.apache.inlong:inlong-manager
(Maven)
Jul 25, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31103
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
High
CVE-2023-31206
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
XWiki Platform may show email addresses in clear in REST results
High
CVE-2023-35151
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Jun 20, 2023
ProTip!
Advisories are also available from the
GraphQL API